Cyber Security Specialist

Cyber Security Specialist

Colombia - Medellin

Responsabilidades Generales

• Designs and implements the infrastructure (on-prem and cloud based) needed to provide Cyber Exposure Management services. • Ensures that all systems are working at optimal levels and offers support to application development department regarding new technologies and system requirements. • Provides technical leadership to ensure the security of information exchanged between internal departments, and external clients. • Ensures optimum performance, scalability, and usability of cyber exposure management tools. Knowledge of static and dynamic code analysis. • Analyzes vulnerability scan results using appropriate scanning tools or platforms to identify potential security weaknesses and vulnerabilities across the organization's systems, applications, and infrastructure. Reviews findings, evaluates vulnerabilities severity, and prioritizes them based on the environment risk levels. • Ensures the effectiveness, accuracy, and reliability of identifying security vulnerabilities by regularly reviewing scan credentials, performance optimization, agent status, and any other type of vulnerability scanning tool related maintenance. • Recommends and oversees the execution of remediation plans to address identified vulnerabilities. Collaborates with relevant teams, such as system administrators, network engineers, database administrators, or application owners, to ensure timely and effective mitigation or remediation of vulnerabilities. • Keeps up to date with the latest security vulnerabilities (including Zero-Day threats), advisories, and best practices. Performs research and analysis of vulnerabilities specific to the organization's technology stack, platforms, or industry, understanding their potential impact and providing recommendations for mitigation or remediation. • Collaborates in generating reports and metrics on vulnerability assessments, including vulnerability status, trends, and progress. Documents vulnerabilities, remediation actions, and their outcomes to maintain accurate records and provide visibility into the organization's Cyber Exposure Management efforts. • In the event of a security incident or breach related to vulnerabilities, the resource may provide support to incident response teams. Assists in analyzing the impact of the incident, identifying vulnerabilities that may have been exploited, and helping with the restoration or recovery process. • Performs compliance assessment across different types of systems (Servers, hypervisors, Network Devices, DB, etc.), and analyzes the findings. Special focus on Unix and Linux systems. • Able to create and maintain scan policies/templates according to the type of security assessment needed. This includes ad hoc scan policies for Zero Day vulnerability detection. • Able to perform web application scans, analyze findings, and communicate recommendations for remediation. • Assists in Technical group assignments based on the type of vulnerability identified. • Assesses the functionality of our current scanning tool to ensure that they are at capacity to meet audit requirements (scans must be complete and accurate, agents must be online and updated, scanners are online, plugins are updated, etc.). • Investigates potential false positive and false negative cases. • Collaborates with cross-functional teams, including system administrators, network engineers, application owners, and other stakeholders involved in cyber exposure management. They communicate effectively to ensure proper coordination of vulnerability management activities, provide guidance on remediation efforts, and facilitate the resolution of security issues. 

Realiza tareas a través de métodos y acciones que son consistentemente éticas y en total cumplimiento de las leyes, las regulaciones aplicables, el Código de Ética, las políticas corporativas, las pautas y las normas de conducta. Completa capacitaciones corporativas y certificaciones destinadas a la detección y prevención de actividades relacionadas con el lavado de dinero y fraude, entrenamiento interno y políticas y procedimientos de conflicto de intereses, según corresponda.

Educación y Experiencia Requerida

Bachelor's degree (B. A.) in Computer Information Systems, Computer Science (MS preferred) or related area from a four-year college or university. Engineering Degree or MS in Computer Sciences (preferred). One (1) to three (3) years of experience working in Cyber Security, Windows/UNIX/Linux/Network Devices Administration, Cloud Security, PCI DSS, Hardening, Web Application Security, CI/CD, and or Vulnerability Management process. Programming and API experience desirable. 

Conocimiento y Destrezas Requeridas

- Is experienced and applies practical knowledge of the work area typically obtained through advanced education and work experience. - Works independently with general supervision. - The problems faced are difficult, but usually not complex. - Can influence others within the work area through the explanation of facts, policies and practices - Must demonstrate analytical, logical, and reasoning skills. - Knowledge regarding the use of vulnerability scanning tools, vulnerability analysis and remediation. - Proficiency in MS Office Tools: Power BI, must be able to create VLOOKUPS and Pivot Tables. - Experience performing compliance checks scans and/or knowledge of a hardening process with a Unix/Linux focus. - Linux servers administration. - Familiar with the different network protocols. - Familiar with web technology. - Strong communication skills. - Customer-centered. - Problem-solving. - Proactive. Certifications: CEH, CISM, CISSP, CompTIA Security+, GIAC Certified Unix Security Administrator (Preferred but not required) 

Lunes a Viernes de 8am a 5pm

Se requiere disponibilidad para trabajar horario extendido, fines de semana y/o feriados y disponibilidad para viajar segun sea necesario.

Evertec Group, LLC es un Patrono con Igualdad de Oportunidades de Empleo